Daily Tech Digest - March 20, 2017

It's time to face the ugly reality of face recognition

Face recognition does not require permission or knowledge. Any photograph will do. You have been photographed hundreds or thousands of times already. And with surveillance cameras, you're being photographed regularly. Every time you use an ATM, for example, you're having your picture taken, and that picture is associated in the bank's database with your name and bank account. Photographs can be taken from a distance without the knowledge or permission of the target. Other biometric data is private or more difficult to obtain without your knowledge or permission. For example, if you've been fingerprinted for a passport or by the police, you've agreed to it and those agencies will keep your data to themselves. If I provided you with somebody's fingerprints, you couldn't use that data unless you were a cop and had access to the database.


Supply chain technology: achieving next-gen visibility

Three primary forces drive this need to achieve greater supply chain visibility. The first is the emergence of the consumer-centric supply chain. People now have increased power and choice, allowing them to buy virtually anything, anytime, across a variety of methods. This has put tremendous pressure on supply chains that were originally designed for volume and scalability to become agile, responsive, and fluid. The second force is the transformation of previously linear supply chains devoted to shipping pallets and full truckloads to grid-based, or many-to-many, nodal value chains, therefore enabling greater consumer responsiveness. This, in turn, has led to smaller and more frequent shipments, an emphasis on achieving a smooth flow of data, and an increase in complexity in providing inventory visibility.


Business Model Transformation and What it Means to the Data Industry


Organizations have traditionally treated data as a legal or compliance requirement, supporting limited management reporting requirements. Consequently, organizations have treated data as a cost to be minimized. The financial valuation of data technology companies has been based upon those perceptions and relationships. ... Data technology companies tend to sell to the part of the organization where data is a cost to be minimized and the sales process focuses on negotiating with Procurement on price, margin, terms and conditions, instead of engaging with the part of the organization where data is a corporate asset to be exploited for business value, and discussions focus on time-to-value and de-risking projects.


Machine learning proves its worth to business

Machine learning couldn’t be hotter. A type of artificial intelligence that enables computers to learn to perform tasks and make predictions without explicit programming, machine learning has caught fire among the hip tech set, but remains a somewhat futuristic concept for most enterprises. But thanks to technological advances and emerging frameworks, machine learning may soon hit the mainstream. Consulting firm Deloitte expects to see a big increase in the use and adoption of machine learning in the coming year. This is in large part because the technology is becoming much more pervasive. The firm’s latest research shows that worldwide more than 300 million smartphones, or more than one-fifth of units sold in 2017, will have machine learning capabilities on board.


Meet Lorek, the Robot That Communicates in a Remarkable Way

It not only recognizes an object a human being is pointing at and talking about, but asks questions to clarify what they mean. Lorek is limited to trafficking in specific objects, sure, but the robot is a big deal for the budding field of human-robot interaction. The robot—from researchers at Brown University—works like so. A human wearing a headset stands in front of the machine, which sits on a table with six objects in front of it. The human points at, say, a bowl, and asks, “Can I have that bowl?” A Microsoft Kinect atop the robot’s head tracks the movement of the hand to determine which object the subject means and combines that data with the vocal command.


Coders And Librarians Team Up To Save Scientific Data

Some fear the data will be intentionally lost or altered. Others want to make sure the data is available in more than one location, especially more than one government website, since budget cuts could mean server space and upkeep of these data sets might no longer be a priority. "We're most concerned that data might be taken offline and public accessibility will be gone and it'll only be available as [Freedom of Information Act] requests," said Margaret Janz, a data curation librarian at the University of Pennsylvania. "Our goal is to make trustworthy copies of data so it will be available to the public and suitable for research. ... This data should never have been in just one place."


What Biosecurity and Cybersecurity Research Have in Common

More recently, biosecurity experts have begun to scrutinize not just pathogens and publications but also the activities and techniques that create them, identifying seven research categories that demand closer scrutiny. These include a subset of experiments that increase pathogens’ stability, transmissibility, or host range (the animals that could harbor the disease). This type of research gained notoriety in 2011 when two labs engineered a highly pathogenic form of bird flu to transmit more easily between mammals. These efforts, while still a work in progress, signal a way for regulators to begin to focus less on pathogens and code and more on the risks and intent of research projects themselves. For all of their similarities, key differences between biosecurity and cybersecurity risks and timelines will dictate varied regulatory strategies.


Intel claims storage speed record with its large-capacity Optane SSD

The first large-capacity Optane SSD drive is the DC P4800X, which has 375GB of storage and started shipping on Sunday. The $1,520 SSD is targeted at servers. (Intel didn't provide regional availability information.) Intel says an enterprise Optane SSD with 750GB will ship in the second quarter, and that a 1.5TB SSD will ship in the second half of this year. These SSDs will fit as add-in cards in the PCI-Express/NVMe and U.2 slots. That means they could work in some workstations and servers based on AMD's 32-core Naples processors. Optane will also ship in the form of DRAM modules next year. Intel did not share information on when it would ship consumer SSDs.  Optane has been hyped as a new class of superfast memory and storage that could replace today's SSDs and DRAM. Intel has claimed Optane is up to 10 times faster than conventional SSDs.


Online Denial of Service Attacks Are a Growing Concern

Describing that situation, Stephanie Weagle, vice president of Corero Network Security, told SC Media UK that DDoS attacks have become many things over the last decade: weapons of cyberwarfare, security breach diversions and service-impacting strategies. “The motivations for these attack campaigns are endless — financial, political, nation-state, extortion and everything in between,” she said. ... Weagle added: "Continuing to rely on traditional IT security solutions, and/or human intervention to deal with the growing DDoS epidemic will continue to prove devastating to businesses. As recent events have confirmed once again, proactive, automated protection is required to keep the Internet-connected business available in the face of DDoS attacks.”


ColumnStore: Storage Architecture Choices

To provide data redundancy, ColumnStore relies on external storage to provide resilient storage and enable a particular DBRoot volume to be remounted on another PM server. This generally implies a remote networked storage solution, although filesystems such as GlusterFS can allow deployment without additional servers.  When internal storage is utilized, journaling filesystems and RAID deployment provide for resilient storage. However, since the storage is only available within a given PM server, the storage cannot be remounted on another PM server should one fail. In this case, the failed server must be recovered before ColumnStore can support additional queries. With external storage, ColumnStore can provide automated failover and continuity in the event a PM server fails.



Quote for the day:


"Big data is at the foundation of all of the megatrends that are happening today, from social to mobile to the cloud to gaming" -- Chris Lynch


Daily Tech Digest - March 19, 2017

In Defence of the Monolith, Part 1

Of course, any architecture is a trade-off between competing forces, and context is all important. In my own case, the two main monoliths I've been involved with are enterprise web apps, which are accessed in-house. For the last 13 years, I've worked on a large government benefits administration application running on .NET, and for the last five years I've also worked on an invoicing system running on Java. Both systems are monoliths in the sense that most of the business logic is in a single deployable webapp. I'm sure that many other visitors to the InfoQ website work on similar systems. ... In breaking up the application into modules, we should also ensure that the dependencies between modules are in one direction only: the acyclic dependencies principle. We'll talk shortly about how to enforce such constraints; whatever the tooling used to enforce these rules


Artificial creativity (A.C.): Can a computer be creative? It’s scarily close

One of the favorite stories in Science Fiction is of a future where robots are so advanced that they have taken on human characteristics and act as advanced servants. Boston Dynamics currently make the most advanced robot displaying this, able to move freely and interact in many ways with people. But even SciFi have difficulty imagining a world where robots can come up with their own ideas. This world is closer than you may think. In the not too far future machines and robots will not only become more advanced, they will also begin to exhibit aspects of Creativity, and may soon exceed people in the ability to produce simple creative outputs. However, while I believe robots will be able to imitate a human’s ability for crafting creative work, I don’t believe this is the same as true creativity.


Finding Value In IoT Data

A challenge and a huge opportunity remains for those enterprise software and services companies that have the technology and tools available to help people and businesses make sense of, analyze, and harness the tsunami of data that we are about to be engulfed by. Here’s the real business potential to add value through IoT: Companies in almost every industry will transform into digital businesses which means oversight must be powered by real-time data – fed in large part by sensors. As Herzberg says, the beauty of sensors is that they bring real-time data to applications: “Customers run applications for business critical processes, which could run better with real-time awareness.” Big Data analytics and machine learning will deliver personal and business insights and will enable us to make immediate decisions based on that data – rather than relying, as we have in the past, on guesswork or out-of-date forecasts.


Metadata Management and Data Governance: The Essentials of Enterprise Architecture

Bremeau says he expects any Metadata Management software today to be able to connect to live databases, data integration servers, and BI servers as well. “My advice, in general, is always to start from the end – from the business [intention] side – and that’s what people hate to do.” He says he prefers to start with the business users because, “That’s basically going to get them excited, if you can start from their Business Intelligence reports,” he said. “If you’re buried inside your ETL, and work for weeks, you will still have nothing to show” to your business users. “At the center of this, you’re going to go to your Data Warehouse and bring everything in,” which, Bremeau said, is not as simple as it sounds. When the data comes in – no matter what products or tools are used,


Digital Transformation Impact on Enterprise Architecture

Digital Transformation is not a new idea. It has now reached mainstream acceptance with the maturity of technologies such as Social, Mobile, Analytics & Cloud. Success stories of Digital Transformation in the enterprise have always involved people, process, and technology. In this blog, we will focus on technology and more specifically on the evolution of enterprise application and infrastructure architecture in organizations embracing Digital Transformation. ... Transforming existing custom apps into Microservices involves disaggregating the application tier into a number of Microservices and hosting them on PaaS or CaaS. Another major consequence with this architectural change is that traffic between services, which in the past was contained within the application server, now occurs between microservices connected by the data center network.


Testing Enterprise Architecture at the Tactical Level

To test a service is to ascertain that the service meets its requirements. You may be tempted to apply a uniform testing approach to all the services. This is a bad idea. It is better to decide on the approach by service category or even case by case. For application services, testing is an integral part of the best practices of software engineering. The software requirements are most likely defined with Use Cases, which is a concept very closely aligned with application services. ... For technology services, the requirements are often just a technical specification of required resources such as the operating system, storage space and network connectivity. Building and maintaining such services are very different from application services. Infrastructure specialists often react negatively if you


A Security Approach for a Cloudy World: An Interview with Pete Cheslock

Providers such as Heroku, Google Cloud Functions and AWS Lambda really make the concept of securing your systems more interesting when you don’t have any servers to run your code on. These are often referred to as "serverless" - your code executes inside a provider on systems that you likely don’t have any control over. In many ways, this can help make you more secure as you are reducing the number of endpoints you need to secure. But in the end this pushes your security challenges over to the provider themselves. AWS uses their Identity and Access Management (IAM), meaning you are now in full control of providing access to your functions. You need to ensure the security is as least-privilege as possible. Additionally, your code needs to get to the provider somehow, which means you'll be running systems that do the continuous integration and deployment


Enterprise Architecture for the Internet of Things: Containerization and Microservices

Organizations are increasingly attempting to remedy these complexities with virtualization technologies, in which data is made available as an abstraction layer accessible to various parties from distinct locations. Containerization represents the next level of virtualization technologies and may be the most viable means of effecting the flexible agility required to provision, analyze, and reap the benefits of real-time application data in a post-IoT world. Meanwhile, running those applications as microservices could very well be the best means of creating and deploying them in time to account for the IoT’s extreme volumes and velocities of data, especially when they are leveraged within containers. “I think there’s a natural progression there and maybe some of the more forward thinking companies will say hey, this all fits together; I can do this right away,” MapR Senior Director of Industry Solutions Dale Kim said.


What if data privacy wasn’t an issue?

Where personal data is left identifiable, it’s remarkable what can be achieved, with China being the poster child for this sort of application. In some cities in Xinjiang Province, for example, drivers have been ordered to install satellite navigation equipment in their vehicles. And more everyday applications are starting to emerge. “With Transport for London, for example, you have an Oyster card, but when you go to China now they’re using facial recognition,” says Mr McGloin. “They can accept that over there.” Last year, the main railway station in Beijing started trialling facial recognition technology to verify the identity of travellers and check their tickets are valid for travel. In the city of Yinchuan, meanwhile, a passenger’s face is linked to their bank account, enabling bus passengers to pay automatically simply by having their faces scanned.


Bimodal IT: Business-IT alignment in the age of digital transformation

On the architectural level, bimodal IT takes advantage of emerging tools and platforms for agile customer-facing frontend systems while also running the traditional stable, mission-critical backend systems. This results in a duopoly of business-critical scale-up applications running on one stronger computer and scale-out applications distributed on several regular computers for reacting to changed or new business or technological conditions in the short term (Pfützner 2015). The required flexibility is enabled by virtualizing data and resources in a composable modular infrastructure for traditional IT and digital IT (Greiner 2015), partially with the aid of infrastructure respectively platform as a service cloud-based solutions. Companies often use private clouds for traditional IT



Quote for the day:



“The last 10% it takes to launch something takes as much energy as the first 90%.” -- Rob Kalin


Daily Tech Digest - March 18, 2017

So if Watson isn't a giant artificial brain that will be used to power our robot overlords, what is it then? IBM says it's all about cognitive computing. It's the ability to take completely "unstructured data" – i.e. data where there is currently no relevance or any reason to connect it to anything else – process all that data and detect new patterns so that humans don't have to figure it out all by themselves. Big data analytics, whereby humans look at statistics from different aspects of their business all at once and then use it to make decisions, is already commonplace. But let's say you throw in something completely unexpected, such as a power surge or a major political event. This changes the data, and suddenly the computer doesn't have great advice to give.


Machine learning can also aid the cyber enemy

"The concern about this is that one might find that an adversary is able to control, in a big-data environment, enough of that data that they can feed you in misdirection," said Dr Deborah Frincke, head of the Research Directorate (RD) of the US National Security Agency/Central Security Service (NSA/CSS). Adversarial machine learning, as Frincke called it, is "a thing that we're starting to see emerge, a bit, in the wild". It's a path that we might reasonably believe will continue, she said. As one example, an organisation may decide to use machine learning to develop a so-called "sense of self" of its own networks, and build a self-healing capability on top of that. But what if an attacker gets inside the network or perhaps was even inside the network before the machine learning process started?


Server Storage I/O: Converged (CI) and Hyper-Converged (HCI)

"What is the best CI, CIB, or HCI solution, product, or vendor?" Of course, if you know me, my answer is, "It depends." It depends on what you are trying, need, or want to do. It also depends on your applications, along with their current and future growth needs — among other questions. I also turn the question around and ask people what they are looking for, or why they want CI, CIB, HCI, as well as what they want or need as their point of convergence? For example, are they looking to converge around hardware (e.g. servers, storage or networking), software (hypervisors, operating systems, data services), dashboards or other management tools, interfaces, data protection, some applications, or perhaps a particular product or vendor?


The New Age of Marketing

Today, SEO is still incredibly important. Companies spend tremendous time and resources trying to keep their search results in the top slots of a Google search. But times, they are a-changing. Desktop web searches are in decline, and Google is dominant. As Google stretches for revenue growth, they have slowly, but surely, annexed the natural search results and converted this valuable real estate to advertising. They are turning free-riders into taxpayers. Their paid advertising results are so good and relevant that it’s debatable whether they are poisoning the consumer well, which would leave the door open for companies whose search results are “natural.” Some of my smart colleagues hope so, but I’m not so sure. In the travel vertical, for example, Expedia is big enough to pay for those top search results


10 Principles of Strategy through Execution

Any company can follow the same path as these successful firms, and an increasing number of companies are doing just that. If you join them, you will need to cultivate the ability to translate the strategic into the everyday. This means linking strategy and execution closely together by creating distinctive, complex capabilities that set your company apart, and applying them to every product and service in your portfolio. These capabilities combine all the elements of execution — technology, human skills, processes, and organizational structures — to deliver your company’s chosen value proposition. How do you accomplish this on a day-to-day basis? How do you get the strategists and implementers in your company to work together effectively? These 10 principles, derived from our experience at Strategy&, can help you avoid common pitfalls and accelerate your progress.


11 DIY Projects to Turn Your House Into a Smart Home

The smart home revolution definitely isn’t happening overnight. Even with a flood of new devices and platforms available, most of us are still only inching toward fully automated homes. Still, you can take matters into your own hands and speed up the rate of progress with these DIY smart home systems. ... Not only is the Amazon Echo an incredibly handy device to have around the (smart) home, it’s also an easy way for developers to build voice commands into their projects. For that very reason, we have this DIY project for getting temperature and humidity readings from your Amazon smart home speaker. Some hardware hacking and software coding is required to get it finished. The aforementioned Particle Photon is the board doing most of the work in terms of collecting the data that the Echo (and Alexa) can then access with a little bit of coding. You’re also going to need a temperature sensor for the raw data, as well as an Alexa Skill Set that understands what you want


These are the fintech segments most likely to grow in 2017

Going forward, we are likely to see funding growth correspond with application share. The study's findings offer a reliable if narrow indicator of which segments will see growth this year. As such, we are likely to see the most investment deals emerge in the areas of cloud and other core technologies, AI and machine learning, and customer data analytics, as they continue to evolve rapidly and present untapped opportunities for investors to seize. We’ve entered the most profound era of change for financial services companies since the 1970s brought us index mutual funds, discount brokers and ATMs. No firm is immune from the coming disruption and every company must have a strategy to harness the powerful advantages of the new fintech revolution.


How AI will help us decipher millennials

Are they really such a complex generation that we must resort to artificial intelligence to figure out what they want and to keep them coming back for more? Turns out they are, and AI is indeed the ultimate weapon in the fight for the millennial generation’s ever-shortening attention span. Luckily, rapid strides in the field of machine learning will help unravel what this fickle “target market” really wants. Machine learning is a crystal ball in the world of AI. It analyzes existing data and — through complex algorithms — predicts what will happen in similar cases in the future. Machine learning service providers aim to help organizations understand how they can interact with millennials in a way that will drive sales. They say if you want to connect with millennials, make a chatbot.


A Growing Talent Shortfall Can Leave Apps Vulnerable

The traditional career trajectory of those currently in cybersecurity has placed very little emphasis on application security. With the direction things are headed, that’s a problem. According to Verizon’s Digital Breach Investigation Report, the number one source of data lost in cyber-attacks is the web application level, a vulnerability that is increasingly problematic as we move to a mobile-centric landscape. The issue that many companies face, specifically in application security, is that there are too many code vulnerabilities. This creates more work for the IT talent who need to deal with the flaws. ... With a worldwide shortage of skilled cyber-experts, the question remains; how can companies continue to gain ground on the malicious hackers? If the talent isn’t there, how can they defend their systems?


In Cyber, Who Do We Trust to Protect the Business?

As part of the effort to strengthen investor trust and public confidence in board-level cyber risk oversight practices, NACD has created the first credentialed course dedicated to board member cyber literacy. The NACD Cyber-Risk Oversight Program was launched in concert with Ridge Global —led by former Governor Tom Ridge, first US Secretary of Homeland Security — and the CERT Division of the SEI, a federally-funded research and development center sponsored by the Department of Defense, based at Carnegie Mellon University. The program is a first-of-its-kind online course that goes in-depth on issues such as cybersecurity leadership, effective security structure, and the role of the board. Leaders who complete the course and pass the exam earn the CERT Certificate in Cybersecurity Oversight, issued by Carnegie Mellon.



Quote for the day:


"Innovation comes from the producer - not from the customer." -- W. Edwards Deming


Daily Tech Digest - March 17, 2017

A Model Proposal for Organizational Prudence and Wisdom Within Governance of Business and Enterprise IT

An organization’s ability to respond to changing environments is a critical issue. Decision-making bodies at all levels need to adjust to meet fast-changing environments. Basically, an organization needs to change its information systems to fit the new requirements. In turn, appropriate computer techniques and technologies can be applied that best meet the requirements for the changed business conditions and stakeholder needs. The current failures of organizations indicate that their information systems are not reflective of current business conditions and ecosystems, even though the application of newer techniques and technologies may abound in the organization. The turbulence of current business conditions, then, necessitates the need for decision makers to use the latest in information system developments—that is, optimal knowledge management (KM)/wisdom management (WM) systems.


Intel pursuing new chips as it plots a wearables future

The company's approach to wearables is being replicated in other areas like the Intel Sports Group, which is developing technology so users can watch 3D sports broadcasts as if they were in the stadium. One way to achieve that is by putting more cameras across the field, including helmets worn by players. Using algorithms, Intel servers slice and dice the images from the cameras to provide the customized footage. This will translate well to wearables like VR headsets, as users will be able to get a bird's eye view of a touchdown in a football game or a goal in soccer. Chips like Curie are already instrumental in improving the sports viewing experience from events like last year's Winter X Games. In real time, viewers were able to view key athlete performance data like the height of a snowboarder jump and how far they rotated.


How A.I. technology is causing major ripples in the travel industry

“Flight fares and hotel prices are ever-changing and vary greatly depending on the provider,” software company AltexSoft admits. “No one has time to track all those changes manually. Thus, smart tools which monitor and send out timely alerts with hot deals are currently in high demand in the travel industry.” Dynamic pricing and fare forecasting tools are all the rage right now. People know there are better deals out there and want access to information that helps them save as much money as possible on flights, hotels, and other accommodations. Hopper is one of the leading startups in this area. They’ve raised more than $37 million to date and have built an advanced application that uses applied predictive analytics to tell users exactly when to pull the trigger on a travel deal.


Augmented and virtual reality to see aggressive growth by 2021

IDC includes in its count of commercial VR and AR the numerous arcades in China's cities where customers play online VR games. "A lot of VR gaming is taking place that way," he said. Those headsets are purchased by the arcade or movie theater operators, and are counted as commercial sales, he explained. Even with those kinds of early successes, VR still suffers from limited content. "There's not a lot of VR content out there and what is out there is very targeted" to younger users and gamers, Ubrani said. Facebook, which purchased Oculus in 2014, allows users to create VR avatars to use in a virtual world, for example. Strategy Analytics on Thursday said VR is "poised for tremendous growth over the next several years," but tempered its optimism with a survey that indicates VR experiences are still wanting.


Why Google's smart jacket could be a boon for commuters

Google and Levi's first announced plans to create the interactive jacket last year. It will mark the first widely available product using technology from Google's Project Jacquard, announced in 2015, which aims to make it possible to "weave touch and gesture interactivity into any textile using standard, industrial looms," according to the project's website. Basically, Google has made conductive yarn, which will allow the company to create smart clothes and smart furniture by adding in interactive surfaces to the fabric. "Project Jacquard will allow designers and developers to build connected, touch-sensitive textiles into their own products," the website stated. The Levi's Commuter Trucker Jacket was designed specifically for urban bike commuters. The jacket is dark denim, very similar in terms of looks to other Levi's commuter coats.


Online cybersecurity course targets business professionals

Because new technologies will require new policies and incentives, and emerging policies must adapt to future technologies, "We have brought together a pool of world-renowned faculty cybersecurity experts from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) and the Sloan School of Management to teach this online course," Shrobe said. The six-week course offers a holistic, comprehensive view of key technologies, techniques and systems. The goal, said Shrobe, is for participants to walk away with a broad understanding of hardware, software, cryptography, and policy to make better, safer long-term security decisions. "Some of the research we focus on is about creating systems that are harder to hack. We’ve demonstrated that it is possible to design a modern computer system that attackers can’t break into and that can protect our information," Shrobe said.


3 Important New Cyber Security Trends

If 2016 was the year of cyber attacks, 2017 is the year of prevention. Twelve months ago, experts were predicting an increase in the innovation and sophistication of cyber attacks and a greater breakdown in security measures on a global scale. With the Internet of Things (IoT) making the world more connected than ever and companies continuing to back-burner security issues, forecasters pointed to a perfect storm. Organizations and individuals would be more vulnerable than ever. They were right. But from the wreckage of hacks and privacy violations of 2016, some important lessons were learned and they will set the trend for the next wave of technology innovations. Managing Director of the Information Security Forum (ISF) Steve Durbin, a risk management expert, said, “I think we are seeing a raised level of awareness about the fact that operating in cyber brings about its own peculiarities…I see an increasing maturity and development of the cyber crime gangs.


Standards and Security: The Great DDoS Challenge

DDoS attacks are becoming far more sophisticated, so it’s essential that hardware and software manufacturers start to seriously consider standards to address the potential security risks in the growing Internet of Things. One key standard is the Open Trusted Technology Provider Standard, or O-TTPS, which addresses these issues around supply chain security and product integrity. Recently approved as ISO/IEC 20243, this set of best practices can be applied from design to disposal, throughout the supply chain and the entire product life cycle. Standards like the O-TTPS aim to reduce the risk of tainted (e.g., malware-enabled and malware-capable) and counterfeit hardware and software components entering the supply chains and making their way into products that connect to the internet. This specific standard also has a conformance program that identifies Open Trusted Technology Providers who conform.


Cybersecurity not a one-time effort for small businesses; requires constant vigilance

Invasions that render a computer’s files unusable unless the user pays a ransom have also surged. Cybercriminals who use this method are aggressive — one variation of ransomware attacked an estimated 100,000 computers a day within weeks of its release last year, according to the FBI. The costs of an invasion can be steep. Heath estimates he lost $10,000 in business because the site was down. He didn’t have to pay to have the website rebuilt, because his business was part of an incubator where tech help was available for free. But recreating a website could run a business well into the thousands of dollars. Many owners believe they don’t have the resources — human or financial — to keep their companies safe, which takes keeping up with frequent security updates for software and equipment.


India ID plan wins World Bank praise amid Big Brother fears

An ambitious government-run project -- just like the Internet at the time of its creation decades ago -- Aadhaar began in 2009 to target payments to the poor across India’s vast hinterland. Other governments are already interested in its potential. Countries such as Tanzania, Afghanistan and Bangladesh have visited India to talk about the system, said Nandan Nilekani, billionaire co-founder of the technology company Infosys Ltd. and former chairman of the Unique Identification Authority of India, who created Aadhaar. Russia, Morocco, Algeria and Tunisia have also indicated their interest in Aadhaar, R.S. Sharma, chairman of the telecom regulatory authority of India, told the Mint newspaper in July 2016. "They’re all keen to see how they can replicate this in their countries," Nilekani said by phone. "This is a great example of how governments can build the most modern digital public infrastructure, and make it available as a public good to everybody."



Quote for the day:


"Nothing is so painful to the human mind as a great and sudden change." -- Mary Shelley


Daily Tech Digest - March 16, 2017

Ethical Hacking: The Most Important Job No One Talks About

Ethical hacking is used to build real-world potential attacks on an application or the organization as a whole, as opposed to the more analytical and risk-based analysis achieved through security audits. As an ethical hacker, the goal is to find as many vulnerabilities as possible, no matter the risk level, and report them back to the organization. Another advantage is that once hackers detect a risk, vendors can add the detection capability to their products, thus enhancing detection quality in the long run. For example, David Sopas, security research team leader for Checkmarx, discovered a potentially malicious hack within a LinkedIn reflected filename download. This hack could have had a number of potential outcomes, including a full-blown hijacking of victims' computers if they had run the file. It's probably safe to say that just the audit wouldn't have identified this hidden flaw.


Unicef uses data science to track refugees

Unicef is working with Scottish data startup Brainnwave in a collaboration on one of its projects in Somalia, locating and tracking population movement in the country to enable Unicef to allocate resources and efforts to the areas in greatest need. The UK Disasters Emergency Committee is currently putting a spotlight on Somalia and neighbouring countries, and has estimated that 16 million people urgently need food, water and medical treatment. Some 60% of internally displaced people in Somalia are children, said Adler. When the Kenyan government threatened to close the Dadaab refugee camp last year – the biggest in the world, containing some 350,000 people – the need arose to understand where those people would move, to predict where goods and services should be sent.


Artificial Intelligence should not be seen as a threat, it will create more jobs

Human intelligence was still needed in a lot of jobs. It is still needed. But some level of automation in some sectors is bound to happen. “With the progress in technology, now with AI and machine learning, along with IoT, we are getting the ability to play around with more and more data. So definitely there has to be some skill-related training to help people analyse that data. So there will be emphasis on productivity. New jobs will be created eventually, and they will be different from what we have currently,” said Viswanathan. According to Viswanathan, IT companies are leveraging capacity to increase productivity for the customer. He dismisses doomsday talk when it comes to AI and machine learning, giving an analogy of how it was predicted many decades ago that automation in the agricultural sector would wipe out the jobs of farmers.


Why hybrid cloud is not just a transitional environment

Hybrid cloud helps you in the same way. You can create amazing new capabilities that leverage the investments you have already made in your backend applications and the data you store. Leveraging cloud services with on-premises backends can add value even when there is no new cloud-native app. A common example is leveraging cloud analytics for new insight to on-premises data. How do you figure out how cloud can drive the most value for your company? For one, you need advisors who have driven success for other businesses. If you look at this purely from a speeds-and-feeds, cost-saving view, you may have missed the immediate value that hybrid cloud can provide. ...  A key aspect of driving this innovation is leveraging capabilities instead of building them. Cloud services are one of the fastest methods of driving value more quickly. So where are businesses creating impact?


Security Operations Center (SOC) Is Not New, But More Necessary Than Ever!

By definition, a SOC is an organized and highly skilled team whose mission is to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cyber security incidents with the aid of both technology and well-defined processes and procedures. The finer points of SOC deployment are very much network- and organization-specific; however, the following three are major components that every organization must include: People, Process, and Technology. The three exist in all elements of security and should be considered equally critical components while building a SOC. Through people, processes and technology, a SOC is dedicated to detection, investigation, and response of log events triggered through security-related correlation logic.


The power of knowledge in the fight against cyber security

Currently, businesses face a real challenge in the search for the cyber security skills they need to succeed. Networkers’ recent Voice of the Workforce research confirmed this lack of skills, with more than half of the 1,656 technology professionals who were surveyed saying they believe there is a skills shortage in the sector they work in. In addition, we found that cyber security is seen as the greatest potential disruptor to the industry over the next five years. Essentially, these findings demonstrate that cyber security will live up to the hype over the coming years, but there aren’t enough people with the level of digital skills needed to deal with its impact. In addition, a 2016 Digital Skills Crisis report by the Science and Technology Committee indicated the full extent of the UK’s lack of digital capability, highlighting that 12.6 million adults lack basic digital skills - a skills gap which costs the economy more than £60 billion a year in lost income.


What Businesses Can Learn From the CIA Data Breach

Among the many CIA exploits that were leaked was one named Weeping Angel, which essentially turns a Samsung smart TV into a silent audio-recording device capable of listening in to conversations even after the device had supposedly been switched off. The exploit garnered attention not because it was particularly sophisticated, but because it demonstrated how trivially easy it is to hack many of the so-called smart "things" that are being connected to the Internet these days. For enterprises, the exploit should serve as a warning of the potential for attackers to increasingly target vulnerabilities in industrial and commercial IoT products in order to then gain entry into the enterprise. Many IoT vulnerabilities stem from Web and Web-based interfaces that are riddled with issues like remote code execution bugs and hardcoded passwords, Kolochenko says.


Is Your Connected Car at Risk? Previous Owners May Still Have Access

The most obvious problem is that, if someone sold the car but was still connected to it, in some cases it would be relatively easy for them to steal it, using the mobile phone as a key fob to unlock and start the vehicle. Many vehicles, however, still require the actual key fob to be present before the car or truck can be driven away. But the fact that prior owners could still be tracking the vehicle’s whereabouts would be enough to give most people pause. In terms of making car buyers aware of the vehicle’s potential connectivity, Hyundai’s Johnson said the automaker also slaps a sticker with an 800 number on its Blue Link–equipped vehicles letting the new owners know it’s equipped and how to get it serviced. These remote services also can cost money—in the case of Blue Link, it’s $198 per year—so most owners call and disconnect when they no longer have the car or truck, Johnson said.


Twitter Counter hacked: Hundreds of high-profile Twitter accounts hijacked

After the Twitter Counter hack, Michael Patterson, CEO of Plixer International said, “Given the political nature of the tweets, it’s not unreasonable to assume this was a state sponsored hack. The message delivered through this hack has received global attention that would likely not have been possible through any other method. This massive exposure becomes an incentive for others to use cyber-attacks as a means of gaining global attention to their cause.” “This highlights the expanded threat surface created when third party applications are granted access to social media platforms and the applications we use every day,” Patterson added. “It is common for consumer applications to request access to social media platforms, and most people will allow that access. Every time you link another application to your social media platforms, you are providing hackers with another possible point of entry.”


Want Good Cyber Insurance? Read The Fine Print

“The major threat to the insurability of cyber is that a systemic attack, such as a cyber attack on the power grid, could cause a catastrophic loss, with many insureds hit by the same event,” Coburn said. With that kind of uncertainty, erring on the side of caution tends to lead to higher prices, more exclusions that limit coverage – or both. “Cyber insurance is a nascent industry,” said Robin Gottschalk, insurance producer on Insureon's technology desk. “So, while complex models are forecasting costs, realized costs can be much different. They can vary widely because there are more incidents than insurance companies are forecasting or because the incidents are more expensive than anticipated.” Steve Durbin, managing director at the Information Security Forum, called risk measurement, “hugely complex,” and said many insurers are still struggling with cyber risks because of a lack of “significant data and trend analysis.”



Quote for the day:


"A man always has two reasons for doing anything: a good reason and the real reason." -- J.P. Morgan